In short, yes. When you a tie a blackberry to a BES server, you essentially give all control of the phone to the BES server. Your IT administrator can access your device remotely, force passwords, restrict BIS access, wipe the device, etc. I haven't tried to pull data from a BB in a while, but it can in theory be done. With BES, the admin can inventory all the applications, versions, etc. on the phone as well force the installation of other applications, etc. The BES policies can be pretty intrusive if the Admin so chooses.

If you have a BB tied into BES, you should assume the device (and the contents on it) are under the control of the BES administrative policies.